BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2002-430
ENTRY:: June 13, 2002
ORGANIZATION:: Dartmouth College, Computer Science
TITLE:: Building Trusted Paths for Web Browsers
TYPE:: Technical Report (paper)
REVISION:: 1
AUTHOR:: Ye, Eileen Zishuang
DATE:: May 2002
RETRIEVAL:: For a paper copy, email <reports@cs.dartmouth.edu>
RETRIEVAL:: For a paper copy, write to
       Technical Report Librarian
       Department of Computer Science
       Dartmouth College
       6211 Sudikoff Laboratory
       Hanover, NH 03755-3510
       USA
RETRIEVAL:: Compressed Postscript at http://www.cs.dartmouth.edu/reports/TR2002-430.ps.Z
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2002-430.pdf
ABSTRACT:: 
	The communication between the Web browser and the human
user is one component of the server-client channel. It is not
the user but the browser that receives all server
information and establishes the secure connection. The
browser's user interface signals, such as SSL lock, https
protocol header et al., indicate whether the browser-server
communication at the current moment is secure. Those
user interface signals indicating the security status of
browser should be clearly and correctly understood by the
user.
       A survey of modern Web browsers shows the information
provided by current browsers is insufficient for users to
make trust judgment. Our Web spoofing work further proved
that the browser status information is not reliable either.
       We discuss the criteria for and how to build the
trusted paths between a browser and a human user. We present
an open source implementation of one of the
designs--synchronized random dynamic (SRD) boundary, based
on Modified Mozilla source code, together with its usability
study results.
END:: ncstrl.dartmouthcs//TR2002-430